#cloud-config
#
# Proxmox Cloud-Init User Data Template
# Use this as the user data for VM provisioning in Proxmox
# This automates: updates, SSH keys, Docker installation, security hardening
#

# System configuration
hostname: homelab-vm
timezone: America/New_York
locale: en_US.UTF-8

# User configuration
users:
  - name: cal
    groups: [sudo, docker]
    shell: /bin/bash
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVVK02rOeeIw1e7BkGlUtSCVrO66dcYM6wGC6snL/lDSxRWi3ABinOj7a74SJ12uuBjpj1Ui6fGbYLvLHCzrMQaijOKpno4BQmulVLT2hKw6xBszQlA7Z2NpP/CiieUsCYBj+vfn743grLRkb6jgVEw2E3TCkNOord0zfmPp6EIre7clUuPUlP75IZMpttbqXhOTjn8Kfq+8+a/iHln4LLDBJbaz/J31Wxnk+eI5tdVz9nO0LHxMxfTbS0HTAAQaP4RRdU+7f455p1xlSIFhZJ0EEXPPTTy7GU07QonzdppS99G+f95kw2mgkX6RmK4j3y7tw01eNV9eWj/hoSvad4xKpMfQbeKXT9EuqsLgzyoUrxaDhEuGH2bZhxMXiQn7AL5kdKfZAaChoy17B+tcSQdZBc1FyHMVYZoJyPYH5kDQKq1qVkHoyQ/H9szKsAIGXzTGwqWMa/5R5FzgrppwpP+dQMqP84DmlY9EeRISegFEKNz2dTKerB/sG4S1bp4EmNUYfdWZUW7ROdS5KOcjExouBlQmksucZpn3sJ6TLDzBN47dw8SCAPuuZzyAXWVAP7GLu7is+cb+jQMh+Twv6LPwVl6SpnpEJxJAG2ijlFgTL9DlHnrcZB7Rilumb3oO5+uKMae+3EYI7jsvbqZlyCIYF6nOB+La1eEIrQyncqdQ== homelab-cal@nobara-pc
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCPzqHDgdK9TlN4uzumBZKEOGtxHaQPK2/m7vy/A9bNLRprG7BO0fXsdRi3wRBzPdta/fMERw/jDTsr+Nvofl8y7eaIAemZ3dJ7DsMVdlNCROrnEwAcBS0JnOKfx0YLqqGvTuXGFQuX9PCzGhGSfjOgn6+o2+WdrFW21fvFxMc2mV6Ds1/m8VO9rqPjAqRvuUl3LJPv+/jYHpt7otv4zJOg+guWO7gxUe0lVF7fBW54Cl3e7fMic8MjAdGvkaruTIC4uOqNMYKJjGQEYrlWB4vhI0ZAkLi6vxTm36bwy6jeTy9Mcl9pNM2ATyQzo8rA/OdG5ifHBSd1jrzT5Uj00mntDku73hQptMhakRj2PUUjRXmk1SPYi+Ts6iFg1xc0oeIXmd/lLXfod1K4avAKzuiOyubSVVp1K5RYYPT4tdaSA8yraEA9F23CaD2Cw+AjAGXKcaOuHZvFY8r8I/vb/Y7c+JQr6uAhM1aJnXGFKKwo6YFTJmv93gB5/yTBpmXAkRlwplcxnxvvjA3i/PC3H22XDqJyjmU29F9PjVMga82I4iU1cyJ+3zMbu4e1biJK+jSPYIr+qXdzvvLrrSG/ajg+9flc8HHhEs/A5EAm2naRR739xvKOIQboRsV67UgZ4TH1aJZNzQEkA70qGSGsZNPtVsbzS/4YlHH9CPawnv3ICQ== emergency-homelab-cal@nobara-pc

# SSH configuration
ssh_pwauth: false
disable_root: true
ssh_genkeytypes: []

# Package management
package_update: true
package_upgrade: true
package_reboot_if_required: true

packages:
  - curl
  - wget
  - git
  - vim
  - htop
  - unzip
  - software-properties-common
  - apt-transport-https
  - ca-certificates
  - gnupg
  - lsb-release
  - unattended-upgrades

# Docker installation via runcmd
runcmd:
  # Configure automatic security updates
  - dpkg-reconfigure -plow unattended-upgrades
  
  # Remove any old Docker installations
  - apt-get remove -y docker docker-engine docker.io containerd runc || true
  
  # Add Docker GPG key and repository
  - mkdir -p /etc/apt/keyrings
  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
  - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
  
  # Install Docker
  - apt-get update
  - apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  
  # Enable Docker service
  - systemctl enable docker
  - systemctl start docker
  
  # Add cal user to docker group (will take effect after next login)
  - usermod -aG docker cal
  
  # Test Docker installation
  - docker run --rm hello-world

# Write configuration files
write_files:
  # SSH hardening configuration
  - path: /etc/ssh/sshd_config.d/99-homelab-security.conf
    content: |
      PasswordAuthentication no
      PubkeyAuthentication yes
      PermitRootLogin no
      AllowUsers cal
      Protocol 2
      ClientAliveInterval 300
      ClientAliveCountMax 2
      MaxAuthTries 3
    permissions: '0644'
  
  # Useful bash aliases for the cal user
  - path: /home/cal/.bash_aliases
    content: |
      # Docker aliases
      alias dps='docker ps'
      alias dlog='docker logs'
      alias dexec='docker exec -it'
      alias dstop='docker stop $(docker ps -q)'
      alias dprune='docker system prune -f'
      
      # Docker Compose aliases
      alias dc='docker compose'
      alias dcup='docker compose up -d'
      alias dcdown='docker compose down'
      alias dclogs='docker compose logs -f'
      
      # System aliases
      alias ll='ls -alF'
      alias la='ls -A'
      alias l='ls -CF'
      alias ..='cd ..'
      alias ...='cd ../..'
      alias grep='grep --color=auto'
      alias fgrep='fgrep --color=auto'
      alias egrep='egrep --color=auto'
    owner: cal:cal
    permissions: '0644'
  
  # Welcome message with system info
  - path: /etc/motd
    content: |
      
      ╔══════════════════════════════════════════════════════╗
      ║               Home Lab VM - Ready                    ║
      ║                                                      ║
      ║  Docker & Docker Compose: Installed ✓               ║
      ║  SSH Keys: Deployed ✓                               ║
      ║  Security: Hardened ✓                               ║
      ║  Updates: Automatic ✓                               ║
      ║                                                      ║
      ║  Quick Commands:                                     ║
      ║    docker --version                                  ║
      ║    docker compose version                            ║
      ║    docker run --rm hello-world                       ║
      ║                                                      ║
      ╚══════════════════════════════════════════════════════╝
      
    permissions: '0644'

# Final commands to run after everything else
final_message: |
  VM provisioning completed successfully!
  
  Installed software:
  - Docker & Docker Compose
  - Essential system packages
  - Automatic security updates
  
  Security configuration:
  - SSH key-based authentication only
  - Password authentication disabled
  - User 'cal' added to docker group
  
  Connect via SSH: ssh cal@<vm-ip>
  
  System is ready for Docker container deployment!